Christian Mairoll

Cyber Security Adware Removal Instructions

The Emsi Software malware research team has discovered a new outbreak of the Cyber Security adware. a-squared Anti-Malware detects this malware as Adware.Win32.CyberSecurity.

Cyber Security is a new rogue scanner program. It shows misleading scan results and fake security alerts to convince users that their computer is infected with malware. The author of Cyber Security is the same as the one who made TotalSecurity (Adware.Win32.TotalSecurity). To be more convincing, Cyber Security also creates numerous files on the computer that are detected as malware when the program scans it, but it will not allow you to remove them until you purchase it. Cyber Security also installs a new BHO (Browser Helper Object) on the victim's machine.

This rogue scanner can detect and avoid virtual machines; the goal, of course, is to make analysis more difficult.

blog_vmware_detection.png

When running in a virtual environment, Cyber Security displays a fake error message like this:

blog_before_patch.png

After the VM protection is bypassed, the application downloads the main rogue application from this address:

blog_download_address.png

blog_after_patch.png

Create new files:

  • %AllUsersProfile%\Start Menu\CS\Computer Scan.lnk
  • %AllUsersProfile%\Start Menu\CS\Cyber Security.lnk
  • %AllUsersProfile%\Start Menu\CS\Help.lnk
  • %AllUsersProfile%\Start Menu\CS\Registration.lnk
  • %AllUsersProfile%\Start Menu\CS\Security Center.lnk
  • %AllUsersProfile%\Start Menu\CS\Settings.lnk
  • %AllUsersProfile%\Start Menu\CS\Update.lnk
  • %AppData%\Microsoft\Internet Explorer\Quick Launch\CS.lnk
  • %UserProfile%\Desktop\Cyber Security.lnk
  • %ProgramFiles%\Common Files\CSUninstall
  • %ProgramFiles%\Common Files\CSUninstall\Uninstall.lnk
  • %ProgramFiles%\CS\cs.exe
  • %SystemRoot%\system32\iehelpmod.dll

Create new registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\CS
  • HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, CS

Malware screenshots:

CyberSecurity_1.png

CyberSecurity_2.png

CyberSecurity_3.png

CyberSecurity_4.png

CyberSecurity_5.png

How to remove the Adware.Win32.CyberSecurity infection?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.
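A read-only check for the files and registry entries listed above, as an added example that is not part of the original post or of a-squared Anti-Malware. It assumes the listed paths use backslash separators as written in the script, and that it runs in the affected user's session, since several entries are per-user; the function and variable names are made up for this example.

```powershell
# Read-only presence check for the artifacts listed in this post (nothing is deleted).
# Assumption: paths are the post's entries written with backslash separators.
# Run as the affected user: %AppData%, %UserProfile% and HKEY_CURRENT_USER are per-user.
$files = @(
    '%AllUsersProfile%\Start Menu\CS\Computer Scan.lnk',
    '%AllUsersProfile%\Start Menu\CS\Cyber Security.lnk',
    '%AllUsersProfile%\Start Menu\CS\Help.lnk',
    '%AllUsersProfile%\Start Menu\CS\Registration.lnk',
    '%AllUsersProfile%\Start Menu\CS\Security Center.lnk',
    '%AllUsersProfile%\Start Menu\CS\Settings.lnk',
    '%AllUsersProfile%\Start Menu\CS\Update.lnk',
    '%AppData%\Microsoft\Internet Explorer\Quick Launch\CS.lnk',
    '%UserProfile%\Desktop\Cyber Security.lnk',
    '%ProgramFiles%\Common Files\CSUninstall',
    '%ProgramFiles%\Common Files\CSUninstall\Uninstall.lnk',
    '%ProgramFiles%\CS\cs.exe',
    '%SystemRoot%\system32\iehelpmod.dll'
)
$clsid = '{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}'   # BHO CLSID from the post
$keys = @(
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\uninstall\CS',
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)
$runKey = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'

function Find-CyberSecurityArtifacts {
    foreach ($f in $files) {
        # Expand %Var% placeholders; -LiteralPath avoids wildcard parsing of the path.
        $p = [Environment]::ExpandEnvironmentVariables($f)
        if (Test-Path -LiteralPath $p) { [pscustomobject]@{ Type = 'File'; Location = $p } }
    }
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) { [pscustomobject]@{ Type = 'RegistryKey'; Location = $k } }
    }
    # The autostart entry is a value named CS under the Run key, not a subkey.
    $run = Get-ItemProperty -LiteralPath $runKey -Name 'CS' -ErrorAction SilentlyContinue
    if ($run) {
        [pscustomobject]@{ Type = 'RunValue'; Location = ('{0} -> CS = {1}' -f $runKey, $run.CS) }
    }
}

$found = @(Find-CyberSecurityArtifacts)
if ($found.Count) { $found | Format-Table -AutoSize -Wrap }
else { 'None of the listed artifacts were found for this user.' }
```

Any hit is a reason to run the full scan described above; an empty result only covers the current user's profile and registry hive.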


